slawek/gemini-ent
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3 Commits 1 Branch 0 Tags
868e606e1f418f99645dbb792889438db39d0b31
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE

README.md

Gemini Enterprise Agent Platform — Terraform Scaffold

Provisions the infrastructure needed to use the Gemini Enterprise Agent Platform (Vertex AI Agent Engine) on an existing GCP project: required APIs, service accounts, and IAM bindings.

AI-generated code. This module was scaffolded with AI assistance. Review all resources and IAM bindings before applying to a production project.

Creating a GCP project

# List available folders to find your folder ID
gcloud resource-manager folders list --organization=ORGANIZATION_ID

# Create a new project inside a folder
gcloud projects create PROJECT_ID \
  --name="PROJECT_DISPLAY_NAME" \
  --folder=FOLDER_ID

# Link a billing account (required before enabling APIs)
gcloud billing projects link PROJECT_ID \
  --billing-account=BILLING_ACCOUNT_ID

# Verify
gcloud projects describe PROJECT_ID

To find your billing account ID:

gcloud billing accounts list

Prerequisites

  • Terraform >= 1.5.0
  • An existing GCP project
  • gcloud CLI authenticated with permissions to enable APIs and manage IAM

Usage

cp terraform.tfvars.example terraform.tfvars
# edit terraform.tfvars — set your project_id

terraform init
terraform plan
terraform apply

Variables

Name Required Default Description
project_id yes Existing GCP project ID
prefix no gemini Short prefix applied to all resource names

Outputs

Name Description
project_id GCP project ID
agent_sa_email Runtime service account email (for apps)
code_assist_sa_email Code Assist enterprise SA email

What gets created

  • 7 GCP APIs enabled (aiplatform, cloudaicompanion, discoveryengine, dialogflow, secretmanager, iam, cloudresourcemanager)
  • 2 service accounts — one for app runtime, one for IDE enterprise config
  • 4 project IAM bindings

Setting up credentials

Use Application Default Credentials:

gcloud auth application-default login
gcloud config set project <your-project-id>

For workloads running on GCP (Cloud Run, GKE, Compute Engine), attach the service account to the resource — no credentials file needed.

Granting developer access to Gemini Code Assist

# Single user
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="user:YOU@DOMAIN" \
  --role="roles/cloudaicompanion.user"

# Google Group (recommended for teams)
gcloud projects add-iam-policy-binding PROJECT_ID \
  --member="group:devs@DOMAIN" \
  --role="roles/cloudaicompanion.user"

VS Code setup

  1. Install the Gemini Code Assist extension from the VS Code Marketplace
  2. Sign in with a Google account that has roles/cloudaicompanion.user on the project
  3. In Settings, set Cloud AI Companion: Project to your project_id

License

MIT © 2026 Slawomir Koszewski

Reference in New Issue View Git Blame Copy Permalink
S
Description
No description provided
Readme MIT 45 KiB
Languages
HCL 100%